discuss terminology: overflow (was Re: [VIM] Zoidcom ..)
jericho at attrition.org
Wed May 18 05:40:49 EDT 2005
: Multiple sources have referred to this as a buffer overflow, when it's
: not an "overflow" at least as traditionally regarded.
: According to Luigi Auriemma's report, the attack involves manipulating a
: size field of a packet. This size field, if too big, then causes
: Zoidcom to "try to read the unallocated memory located after the packet
: buffer or the library will exit immediately if the amount of bits is so
: big that the target buffer cannot be allocated."
: So there's bad buffer management, and modification of length fields is a
: common attack these days, but in this case, there's no stack-smashing or
: heap corruption.
: I'm not sure what term to use, as the underlying bug is still basically
: the same as the bugs that allow classic overflows, but to just say
: "buffer overflow" seems inaccurate.
Is there a VDB dictionary anywhere? I imagine the original term was more
vague and meant overflowing a buffer. After a while it morphed into the
more well known overflow (stack smashing etc) but when you think about
it.. who determines the meaning?
Another example that just came up with OSVDB. Unspecified vs Nondescript
.. which is more appropriate? The older (1910 range) meaning is
appropriate for our titles.
nondescript \non"de*script\, a. [Pref. non- + L. descriptus
1. Not hitherto described; hence, of no recognizable type or
class; odd; abnormal; unclassifiable.
2. Dull or uninteresting; undistinguished.
Check a more recent dictionary listing though, and it has taken on the
'dull' or 'drab' meaning.
adj : lacking distinct or individual characteristics; dull and
uninteresting; "women dressed in nondescript clothes"; "a nondescript
novel" [syn: characterless] n : a person is not easily classified and not
So over time, nondescript turned into a term that wasn't ideal for
describing vague security vulnerabilities, and 'unspecified' is more
Point being.. has 'overflow' started as one thing, turned into another,
and now ends up being accurate if the original meaning is applied? In this
case there is a small buffer being provided too much information, and the
program acting poorly. Isn't that "overflowing" the buffer?
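As an added illustration (not code from this thread or from Zoidcom), here is a length-prefixed packet parser in C that checks the declared size field against the bytes actually received and against an allocation cap before using it, so a forged length yields an error code instead of the read past the packet buffer or the failed allocation described in the quoted report. The two-byte big-endian layout, the function and status names, and the 4096-byte cap are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Status codes for the hypothetical length-prefixed packet format. */
enum pkt_status {
    PKT_OK = 0,
    PKT_TRUNCATED = -1,          /* not even a complete length field */
    PKT_LEN_EXCEEDS_BUFFER = -2, /* field claims more bytes than were received */
    PKT_LEN_TOO_LARGE = -3       /* field exceeds what we would ever allocate */
};

/* Constructed upper bound on a single payload; a real protocol picks its own. */
#define PKT_MAX_PAYLOAD_BYTES 4096

/* Parse a packet laid out as: 2-byte big-endian payload length, then payload.
 * On success, *payload and *payload_len describe the payload inside `pkt`.
 * Both checks run BEFORE the declared length is used as a read size, so a
 * manipulated size field can only produce an error, never a read beyond the
 * `pkt_len` bytes the caller actually owns. */
int pkt_parse(const uint8_t *pkt, size_t pkt_len,
              const uint8_t **payload, size_t *payload_len)
{
    if (pkt == NULL || pkt_len < 2)
        return PKT_TRUNCATED;

    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];

    /* Absurd sizes: reject up front instead of attempting a huge allocation. */
    if (declared > PKT_MAX_PAYLOAD_BYTES)
        return PKT_LEN_TOO_LARGE;

    /* Plausible but dishonest sizes: more payload claimed than was received.
     * Trusting `declared` here is exactly the over-read the report describes. */
    if (declared > pkt_len - 2)
        return PKT_LEN_EXCEEDS_BUFFER;

    *payload = pkt + 2;
    *payload_len = declared;
    return PKT_OK;
}
```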